1. Field of the Invention
The present invention relates in general to data processing systems and, in particular, to a data processing system and method for authenticating a client computer system to a secure network prior to permitting the client to attempt to log-on to the network. Still more particularly, the present invention relates to a data processing system and method for authenticating a client computer system utilizing an encrypted client identifier to a secure network prior to permitting the client to attempt to log-on to the network.
2. Description of the Related Art
Personal computer systems are well known in the art. They have attained widespread use for providing computer power to many segments of today's modern society. Personal computers (PCs) may be defined as a desktop, floor standing, or portable microcomputer that includes a system unit having a central processing unit (CPU) and associated volatile and non-volatile memory, including random access memory (RAM) and basic input/output system read only memory (BIOS ROM), a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM drive, a fixed disk storage drive (also known as a "hard drive"), a pointing device such as a mouse, and an optional network interface adapter. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. Examples of such personal computer systems are IBM's PC 300 series, Aptiva series, and Intellistation series.
A business may establish a secure network. The secure network provides for secure transmission of data. All computer systems included inside the secure network may freely attempt to log-on to the network. Access to the secure network is provided only within company buildings, or by transmission between buildings over dedicated or leased lines.
The secure network may be protected by a firewall. The firewall provides the access point through which external systems reach the network. Computer systems included inside the firewall have access to the secure network and may view network traffic. Computer systems outside the firewall do not have direct access to the network. Access to the network by external computer systems is controlled by the firewall.
A mobile computer user may need to access the secure network remotely. In order to access the network through the firewall, the remote user needs to establish a communication link with the server, such as through a telephone line, and then attempt to log-on utilizing the user's name and password. This creates a security risk for the network, however. The firewall will provide a communication link for any user attempting to log-on to the network. All a user needs in order to dial into the network remotely and attempt to log-on is a telephone number together with the access and server numbers.
Encryption algorithms are known which ensure that only the intended recipient of a message can read and access the message. One known encryption algorithm is an asymmetric, or public key, algorithm. The public key algorithm is a method for encrypting messages sent from a first computer system to a second computer system. This algorithm provides for a key pair including a public key and a private key for each participant in a secure communication. This key pair is unique to each participant. Examples of such an encryption scheme are an RSA key pair system and a secure sockets layer (SSL) system.
Therefore a need exists for a data processing system and method for authenticating a client computer system to a secure network prior to permitting the client to attempt to log-on to the network.
A data processing system and method are disclosed for authenticating a client computer system to a secure network prior to permitting the client computer system to attempt to log-on to the network. The secure network is controlled by a server computer system. A unique identifier is established which identifies the client computer system. The unique identifier is encrypted. Prior to permitting the client computer system to attempt to log-on to the secure network, the client computer system transmits the encrypted identifier to the server computer system. Also prior to permitting the client computer system to attempt to log-on to the network, the server computer system utilizes the unique identifier to determine whether to permit the client computer system to attempt to log-on to the network. The client computer system is authenticated prior to permitting the client computer system to attempt to log-on to the network.
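The pre-log-on gate described above, as an added illustration that is not part of the patent text: the client encrypts its unique identifier under the server's public key (RSA-OAEP is assumed here; the patent only says the identifier is encrypted), and the server decrypts it and checks it against a registry of enrolled identifiers before allowing any log-on attempt. The Server type, the enrolled-identifier map and the identifier values are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server holds the key pair used to receive encrypted identifiers and the
// registry of client identifiers that are permitted to attempt log-on.
// (Constructed for this example; not the patent's own structure.)
type Server struct {
	key      *rsa.PrivateKey
	enrolled map[string]bool
}

func NewServer(ids []string) (*Server, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s := &Server{key: key, enrolled: map[string]bool{}}
	for _, id := range ids {
		s.enrolled[id] = true
	}
	return s, nil
}

// PublicKey is what the client needs to encrypt its identifier for the server.
func (s *Server) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// ClientPreAuth is the message the client sends before it may attempt log-on:
// its unique identifier encrypted under the server's public key. OAEP padding
// is randomised, so the same identifier does not yield the same ciphertext.
func ClientPreAuth(pub *rsa.PublicKey, clientID string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(clientID), []byte("pre-logon"))
}

// MayAttemptLogon decrypts the identifier and permits the log-on attempt only
// for an enrolled client. Undecryptable or tampered input is refused.
func (s *Server) MayAttemptLogon(ciphertext []byte) bool {
	id, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, ciphertext, []byte("pre-logon"))
	if err != nil {
		return false
	}
	return s.enrolled[string(id)]
}

func main() {
	srv, _ := NewServer([]string{"client-0001"})
	ct, _ := ClientPreAuth(srv.PublicKey(), "client-0001")
	fmt.Println("enrolled client may attempt log-on:", srv.MayAttemptLogon(ct))
}
```

A deployment would additionally bind the identifier to a fresh server nonce, since an encrypted identifier alone is a static credential that could be resent by whoever captured it.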
The above as well as additional objectives, features, and advantages of the present invention will become apparent in the following detailed written description.